| | |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | case 'UNIQUE': |
|---|
| | | if($this->action == 'NEW') { |
|---|
| | | if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n'; |
|---|
| | | if($validator['allowempty'] == 'n' || ($validator['allowempty'] == 'y' && $field_value != '')){ |
|---|
| | | if($this->action == 'NEW') { |
|---|
| | | $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."'"); |
|---|
| | | if($num_rec["number"] > 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | } else { |
|---|
| | | $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM ".$escape.$this->formDef['db_table'].$escape. " WHERE $field_name = '".$app->db->quote($field_value)."' AND ".$this->formDef['db_table_idx']." != ".$this->primary_id); |
|---|
| | | if($num_rec["number"] > 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | case 'NOTEMPTY': |
|---|
| | | if(empty($field_value)) { |
|---|
| | |
|---|
| | | } |
|---|
| | | break; |
|---|
| | | case 'ISIP': |
|---|
| | | //* Check if its a IPv4 or IPv6 address |
|---|
| | | if(function_exists('filter_var')) { |
|---|
| | | if(!filter_var($field_value,FILTER_VALIDATE_IP)) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | if($validator['allowempty'] != 'y') $validator['allowempty'] = 'n'; |
|---|
| | | if($validator['allowempty'] == 'y' && $field_value == '') { |
|---|
| | | //* Do nothing |
|---|
| | | } else { |
|---|
| | | //* Check content with regex, if we use php < 5.2 |
|---|
| | | $ip_ok = 0; |
|---|
| | | if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | //* Check if its a IPv4 or IPv6 address |
|---|
| | | if(isset($validator['separator']) && $validator['separator'] != '') { |
|---|
| | | //* When the field may contain several IP addresses, split them by the char defined as separator |
|---|
| | | $field_value_array = explode($validator['separator'],$field_value); |
|---|
| | | } else { |
|---|
| | | $field_value_array[] = $field_value; |
|---|
| | | } |
|---|
| | | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | } |
|---|
| | | if($ip_ok == 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | foreach($field_value_array as $field_value) { |
|---|
| | | if(function_exists('filter_var')) { |
|---|
| | | if(!filter_var($field_value,FILTER_VALIDATE_IP)) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | //* Check content with regex, if we use php < 5.2 |
|---|
| | | $ip_ok = 0; |
|---|
| | | if(preg_match("/^(\:\:([a-f0-9]{1,4}\:){0,6}?[a-f0-9]{0,4}|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){0,6}?\:\:|[a-f0-9]{1,4}(\:[a-f0-9]{1,4}){1,6}?\:\:([a-f0-9]{1,4}\:){1,6}?[a-f0-9]{1,4})(\/\d{1,3})?$/i", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | } |
|---|
| | | if(preg_match("/^[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}(\.)[0-9]{1,3}$/", $field_value)){ |
|---|
| | | $ip_ok = 1; |
|---|
| | | } |
|---|
| | | if($ip_ok == 0) { |
|---|
| | | $errmsg = $validator['errmsg']; |
|---|
| | | if(isset($this->wordbook[$errmsg])) { |
|---|
| | | $this->errorMessage .= $this->wordbook[$errmsg]."<br />\r\n"; |
|---|
| | | } else { |
|---|
| | | $this->errorMessage .= $errmsg."<br />\r\n"; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | | } |
|---|
| | |
|---|
| | | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { |
|---|
| | | $sql_insert_val .= "PASSWORD('".$app->db->quote($record[$key])."'), "; |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); |
|---|
| | | $record[$key] = $tmp['crypted']; |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | | } else { |
|---|
| | | $record[$key] = md5(stripslashes($record[$key])); |
|---|
| | | $sql_insert_val .= "'".$app->db->quote($record[$key])."', "; |
|---|
| | |
|---|
| | | $record[$key] = $app->auth->crypt_password(stripslashes($record[$key])); |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | | } elseif (isset($field['encryption']) && $field['encryption'] == 'MYSQL') { |
|---|
| | | $sql_update .= "`$key` = PASSWORD('".$app->db->quote($record[$key])."'), "; |
|---|
| | | $tmp = $app->db->queryOneRecord("SELECT PASSWORD('".$app->db->quote(stripslashes($record[$key]))."') as `crypted`"); |
|---|
| | | $record[$key] = $tmp['crypted']; |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | | } else { |
|---|
| | | $record[$key] = md5(stripslashes($record[$key])); |
|---|
| | | $sql_update .= "`$key` = '".$app->db->quote($record[$key])."', "; |
|---|
| | |
|---|
| | | } else { |
|---|
| | | if($primary_id != 0) { |
|---|
| | | // update client permissions only if client_id > 0 |
|---|
| | | if($this->formDef['auth'] == 'yes' && $this->client_id > 0) { |
|---|
| | | if($this->formDef['auth'] == 'yes' && $this->client_id > 0 && $this->sys_userid > 0 && $this->sys_default_group > 0) { |
|---|
| | | $sql_update .= '`sys_userid` = '.$this->sys_userid.', '; |
|---|
| | | $sql_update .= '`sys_groupid` = '.$this->sys_default_group.', '; |
|---|
| | | } |
|---|
| | |
|---|
| | | if(@is_numeric($primary_id)) { |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$this->formDef['db_table_idx']." = ".$primary_id; |
|---|
| | | return $app->db->queryOneRecord($sql); |
|---|
| | | } elseif (@is_array($primary_id)) { |
|---|
| | | $sql_where = ''; |
|---|
| | | } elseif (@is_array($primary_id) || @is_object($primary_id)) { |
|---|
| | | if(@is_object($primary_id)) $primary_id = get_object_vars($primary_id); // do not use cast (array)xxx because it returns private and protected properties! |
|---|
| | | $sql_offset = 0; |
|---|
| | | $sql_limit = 0; |
|---|
| | | $sql_where = ''; |
|---|
| | | foreach($primary_id as $key => $val) { |
|---|
| | | $key = $app->db->quote($key); |
|---|
| | | $val = $app->db->quote($val); |
|---|
| | | if(stristr($val,'%')) { |
|---|
| | | if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val); |
|---|
| | | elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val); |
|---|
| | | elseif(stristr($val,'%')) { |
|---|
| | | $sql_where .= "$key like '$val' AND "; |
|---|
| | | } else { |
|---|
| | | $sql_where .= "$key = '$val' AND "; |
|---|
| | | } |
|---|
| | | } |
|---|
| | | $sql_where = substr($sql_where,0,-5); |
|---|
| | | if($sql_where == '') $sql_where = '1'; |
|---|
| | | $sql = "SELECT * FROM ".$escape.$this->formDef['db_table'].$escape." WHERE ".$sql_where; |
|---|
| | | if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit; |
|---|
| | | return $app->db->queryAllRecords($sql); |
|---|
| | | } else { |
|---|
| | | $this->errorMessage = 'The ID must be either an integer or an array.'; |
|---|
